
My problem:

I am having a hard time figuring out a way to safely manage auto-renewable subscriptions in iOS with Firebase.

Purchase process:

  1. User1 purchases a subscription
    • Update User1's account on Firebase w/ the subscription identifier (used to unlock content)
    • Store original_transaction_identifier (OTI) w/ uid of User1 to match w/ receipt verification from Apple.
    • Grant user access

Edge cases causing my brain to implode:

  1. User1 logs out of AppleId used to purchase subscription, but remains logged in to app w/ Firestore credentials.
    • Therefore, when I go to verify if the subscription has expired it does not return a valid subscription. I want the user to be able to keep their access until it is expired or canceled. Any tips on achieving this?
  2. User2 logs into the same device User1 was previously using.
    • Therefore, the same AppleId is being used for both users. I can check if the current user has a subscription, and check the OTI to see if it corresponds to User2...which it won't.
    • We will show the 'purchase iAPs' screen, but what if this user wants to buy a subscription as well under the same AppleId? Is it normal for me to handle this saying, "Apple Id already connected with another account or something"?

Relevant articles I've been able to find:

How to tie auto-renewable subscriptions to in house user, not appled id

I've been struggling with this for some time and haven't been able to find many resources. All help is appreciated.

Casey West

1 Answer


For case #1:

When you attempt to access the receipt Apple will trigger a login prompt for the user to enter their iTunes credentials. If a receipt is still unavailable, you won't be able to verify the subscription status. The "right" way to do this is to store the entire receipt on your server, and periodically refresh it with /verifyReceipt. You'll check if the subscription was cancelled, and update the expiration_date so you know when to cut off access for the user.

For case #2:

> Is it normal for me to handle this saying, "Apple Id already connected with another account or something"?

Yes! If you're able to look at how some other large subscription apps handle this (Netflix, Spotify, HBO, etc.) - it's similar to what you describe. Instead of checking the receipt locally every time, if you maintain the subscription status on your server (as mentioned in #1) this would only happen if the user tries to "Restore Purchases".

This is a pretty extreme edge case, since not many people try to make a purchase on their friend's phone and it would require TouchID/FaceID in most cases - so it's more of a fraud prevention feature. Once you get millions of users you can get fancy and send them an automated email link to sign up with Stripe if you detect this.

Alternative:

RevenueCat can handle all the subscription tracking and these edge cases out-of-the-box, and it plays nice with an official Firebase integration. Disclaimer: I work there.

enc_life
  • I appreciate the answer :) I'm taking a look at RevenueCat's docs right now...you may have just gained a customer haha – Casey West Mar 26 '19 at 16:53
  • Does RevenueCat handle #2 as described? As far as I've understood from the documentation, it merges user accounts in case of restoring purchases from different RevenueCat accounts with the same Apple ID, did I get it wrong? – Peter K Nov 28 '19 at 15:10
  • @PeterK to completely prevent this don't include a "Restore Purchases" button in your app (you won't find one in Netflix). RevenueCat can prevent multiple user Ids from sharing the same subscription if you set `allowAppStoreAccountSharing=false` – enc_life Nov 28 '19 at 16:10
  • RevenueCat now lets you configure the behavior for case #2, and either transfer the purchases between accounts or simply return an error. – enc_life Jun 28 '21 at 15:47
  • Just tossing my two cents, I know this may be off topic, we tried to integrate RevenueCat with Stripe for a flutter web app for endless days and finally gave up and just handled the integration ourselves in 1/4 the time we spent attempting a RevCat integration. Maybe they're better with Apple related payments... – Albert Renshaw Jan 03 '23 at 04:18
  • @AlbertRenshaw Yeah, RevenueCat is just in the way if you're only using Stripe for payments - Stripe has great APIs and the process is straightforward. The value of RevenueCat is when you need to also add in-app purchases through Apple, Google, Amazon, etc. – enc_life Jan 11 '23 at 23:15
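
The server-side approach from the answer (keep the receipt state on your server, check expiry and cancellation, and tie the OTI to one app account), sketched as an added example that is not part of the original thread or RevenueCat's code. The field names `status`, `latest_receipt_info`, `original_transaction_id`, `expires_date_ms` and `cancellation_date_ms` come from Apple's /verifyReceipt response; the function names, the in-memory `Map` standing in for a Firestore collection, and the sample response are assumptions constructed for illustration.

```javascript
// Added example: decide entitlement from a stored /verifyReceipt response and
// enforce one app account per original_transaction_id (OTI).
// The in-memory Map stands in for a Firestore collection (assumption).
const otiOwners = new Map(); // original_transaction_id -> app uid

// Constructed sample of the fields used from a /verifyReceipt response body.
const sampleResponse = {
  status: 0,
  latest_receipt_info: [
    { original_transaction_id: "1000000000000001", product_id: "pro.monthly",
      expires_date_ms: "1700000000000" },
    { original_transaction_id: "1000000000000001", product_id: "pro.monthly",
      expires_date_ms: "1702592000000" },
  ],
};

// Returns { oti, productId, expiresMs, active } for the newest transaction.
function subscriptionState(response, nowMs) {
  if (response.status !== 0 || !Array.isArray(response.latest_receipt_info) ||
      response.latest_receipt_info.length === 0) {
    return { oti: null, productId: null, expiresMs: 0, active: false };
  }
  // Do not rely on array order: pick the entry with the latest expiry.
  const latest = response.latest_receipt_info.reduce((a, b) =>
    Number(b.expires_date_ms) > Number(a.expires_date_ms) ? b : a);
  const expiresMs = Number(latest.expires_date_ms);
  // cancellation_date_ms is present when Apple refunded or revoked the purchase.
  const cancelled = latest.cancellation_date_ms !== undefined;
  return { oti: latest.original_transaction_id, productId: latest.product_id,
           expiresMs, active: !cancelled && expiresMs > nowMs };
}

// Case #2: bind the OTI to the first uid that presents it; reject any other uid.
function claimSubscription(uid, response, nowMs) {
  const state = subscriptionState(response, nowMs);
  if (!state.active) return { granted: false, reason: "not_active" };
  const owner = otiOwners.get(state.oti);
  if (owner !== undefined && owner !== uid) {
    return { granted: false, reason: "apple_id_linked_to_other_account" };
  }
  otiOwners.set(state.oti, uid);
  return { granted: true, expiresMs: state.expiresMs };
}
```

Because access is decided from the server-side record rather than the device's current App Store login, case #1 (user signed out of the Apple ID) does not cut off access before the stored expiry.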